smokeloader | ebc0d7e423eab5452f3a74fd22c6b6736b0aa5074544910e4975371552bf3076 | Triage

Sharing

General

Target

ebc0d7e423eab5452f3a74fd22c6b6736b0aa5074544910e4975371552bf3076
Size

320KB
Sample

230509-3p355afc3y
MD5

59d1993e5169643270848384a71de6ce
SHA1

e3842a285c8e4e69e2479d8aec037e290dcf85fa
SHA256

ebc0d7e423eab5452f3a74fd22c6b6736b0aa5074544910e4975371552bf3076
SHA512

5842bde6b8b237c904dcdee3b6e0204b30ab06e62cfe1eadd2d35bcfcb900f1aaf7edce0b98558bc377d7c274e2d925e56185183e6dce41a81db94d429ebf0ba
SSDEEP

6144:T5ApnLiJ8T5uSl97PXMucP4OzikNI2IvGG4:TAneJ8T5/lB8us4tuI2IvG

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ebc0d7e423eab5452f3a74fd22c6b6736b0aa5074544910e4975371552bf3076
- Size
  
  320KB
- MD5
  
  59d1993e5169643270848384a71de6ce
- SHA1
  
  e3842a285c8e4e69e2479d8aec037e290dcf85fa
- SHA256
  
  ebc0d7e423eab5452f3a74fd22c6b6736b0aa5074544910e4975371552bf3076
- SHA512
  
  5842bde6b8b237c904dcdee3b6e0204b30ab06e62cfe1eadd2d35bcfcb900f1aaf7edce0b98558bc377d7c274e2d925e56185183e6dce41a81db94d429ebf0ba
- SSDEEP
  
  6144:T5ApnLiJ8T5uSl97PXMucP4OzikNI2IvGG4:TAneJ8T5/lB8us4tuI2IvG
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan